fix: resolve 29 security vulnerabilities in dependencies #69

Merged: jmlweb merged 1 commit into main from fix/security-audit-deps on Mar 22, 2026

@jmlweb (Owner) commented Mar 22, 2026

Security audit fix

The Security CI pipeline has been failing weekly due to 29 vulnerabilities (2 low, 8 moderate, 19 high) in transitive dependencies.

Changes

Added/updated pnpm.overrides in package.json to force patched versions:

| Package | Override |
| --- | --- |
| undici | >=7.24.0 |
| hono | >=4.12.4 |
| @hono/node-server | >=1.19.10 |
| @modelcontextprotocol/sdk | >=1.26.0 |
| @isaacs/brace-expansion | >=5.0.1 |
| minimatch | >=10.2.3 |
| rollup | >=4.59.0 |
| flatted | >=3.4.2 |
| ajv | >=8.18.0 |
| qs | >=6.14.2 |

Result

pnpm audit: No known vulnerabilities found

Build verified: pnpm build completes successfully.

- undici: >=7.24.0 (CRLF injection, unbounded memory)
- hono: >=4.12.4
- @hono/node-server: >=1.19.10
- @modelcontextprotocol/sdk: >=1.26.0
- @isaacs/brace-expansion: >=5.0.1
- minimatch: >=10.2.3
- rollup: >=4.59.0
- flatted: >=3.4.2
- ajv: >=8.18.0
- qs: >=6.14.2

Resolves 29 vulnerabilities (2 low, 8 moderate, 19 high) → 0

@jmlweb merged commit 685befa into main Mar 22, 2026
15 of 17 checks passed
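
An added example, not part of this PR or the project's code: a small Node.js check that compares resolved versions of the overridden packages against the floors listed in the PR, flagging anything still below a floor and anything an open-ended `>=` range has let move to a later major. The `resolved` input shape and the sample versions are assumptions constructed for illustration, not taken from the project's lockfile.

```javascript
// Floors copied from the override table in this PR.
const OVERRIDE_FLOORS = {
  "undici": "7.24.0",
  "hono": "4.12.4",
  "@hono/node-server": "1.19.10",
  "@modelcontextprotocol/sdk": "1.26.0",
  "@isaacs/brace-expansion": "5.0.1",
  "minimatch": "10.2.3",
  "rollup": "4.59.0",
  "flatted": "3.4.2",
  "ajv": "8.18.0",
  "qs": "6.14.2",
};

// Parse "MAJOR.MINOR.PATCH"; any prerelease/build suffix is ignored here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// resolved: { packageName: [version, ...] } (hypothetical shape for this example).
// "below-floor" = still vulnerable per the floor; "major-jump" = ">=" accepted a later major.
function auditFloors(floors, resolved) {
  const findings = [];
  for (const [name, floor] of Object.entries(floors)) {
    for (const version of resolved[name] ?? []) {
      if (compareVersions(version, floor) < 0) {
        findings.push({ name, version, floor, issue: "below-floor" });
      } else if (parseVersion(version)[0] > parseVersion(floor)[0]) {
        findings.push({ name, version, floor, issue: "major-jump" });
      }
    }
  }
  return findings;
}

// Constructed sample input, not the project's real dependency tree.
const SAMPLE_RESOLVED = { undici: ["7.24.0"], qs: ["6.14.1"],
  minimatch: ["10.2.3", "9.0.5"], rollup: ["5.0.0"] };
console.log(auditFloors(OVERRIDE_FLOORS, SAMPLE_RESOLVED));
```

A "major-jump" finding is not a vulnerability in itself; it marks a version the override range accepted that the dependent package may not have been tested against.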